Ping a Specific Port

Question

Balint Pato

Asked: 2016-04-16 12:50:25 +0800 CST2016-04-16 12:50:25 +0800 CST 2016-04-16 12:50:25 +0800 CST

creating an SPN from a linux build server

772

I'm setting up a process which would automatically create the SPNs for newly exposed service URLs. I am aware of how to create an SPN with Windows using the setspn -A command with the right priviliges.

As my build server is running on Linux, I wonder, is there any way - other than logging in to a windows server and running setspn - to create the SPN from a Linux server?

2 Answers

Voted

Ryan Bolger · Answer 1 · 2016-04-20T09:23:20+08:00

Best Answer

Ryan Bolger

2016-04-20T09:23:20+08:002016-04-20T09:23:20+08:00

When you use the setspn tool, all you're doing is modifying the servicePrincipalName attribute of the specified computer/user in AD.

To do the same from a Linux machine, you just need to use an LDAP tool to connect to a domain controller and modify the attribute like you would any other. Keep in mind that it's a multi-valued attribute though. So don't accidentally wipe out existing entries that might exist on the target.

4

Mass Nerder · Answer 2 · 2016-04-16T13:47:47+08:00

Python library for Windows Remote Management (WinRM) will let you run remote command on a Windows machine from a Linux machine

pywinrm is a Python client for Windows Remote Management (WinRM). This allows you to invoke commands on target Windows machines from any machine that can run Python.

https://blogs.technet.microsoft.com/heyscriptingguy/2015/10/27/using-winrm-on-linux/

https://github.com/diyan/pywinrm

I don't think there is a tool for Linux that registers SPNs in Active Directory. Depending on your application and how it is set up you could delegate the service account the ability to register a SPN.

Open Active Directory Users and Computers.

To open Active Directory Users and Computers, click Start, click Run, type dsa.msc, and then press ENTER.

Click View, and verify that the Advanced Features check box is selected.

Click Advanced Features, if it is not selected.

If the domain to which you want to allow a disjoint namespace does not appear in the console, take the following steps:

    In the console tree, right-click Active Directory Users and Computers, and then click Connect to Domain.

    In the Domain box, type the name of the Active Directory domain to which you want to allow the disjoint namespace, and then click OK.

    As an alternative, you can use the Browse button to locate the Active Directory domain.

In the console tree, right-click the node that represents the domain to which you want to allow a disjoint namespace, and then click Properties.

On Security tab, click Advanced.

On the Permissions tab, click Add.

In Enter the object name to select, type the group or user account name to which you want to delegate permission, and then click OK.

Configure the Apply onto box for Computer objects.

At the bottom of the Permissions box, select the Allow check box that corresponds to the Validated write to service principal name permissions, and then click OK on the three open dialog boxes to confirm your changes.

Close Active Directory Users and Computers.

creating an SPN from a linux build server

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?